The UK Information Commissioner's Office (ICO) ordered a report to find the extent of English businesses' knowledge on the European Commission's data protection reforms. Among other things, the updates to the privacy laws further encourage (indirectly) the use of data protection software, like AlertBoot's Mobile Security for smartphones and tablets, as well as introducing novel ideas such as the "right to be forgotten."

Bad News

The survey's results are not very encouraging. For example, it turns out that 82% of businesses did not know how much they spend on data protection. Observed information-age.com,

it is not surprising, then, that 87% could not estimate what the impact of the reforms would be.

Respondents were asked to describe the reforms as they understand them. Four out of ten had an inaccurate understanding of all ten reforms, and not one fully understands every one.

An Easier Way? A Totally Transparent Cost Structure

I don't know about "the inaccurate understanding of all ten reforms," but I can understand why most businesses don't have a good idea on their data protection budget. The answer is that it's not easy figuring out what it actually costs.

License purchases. Depending on the approach, a company may have to purchase the licenses in pre-arranged blocks, say at least 100 licenses, and 50 additional license blocks after that. If you need 105 licenses, you have to purchase 150. The remaining 45 are sometimes called "shelfware" because that's where they end up; maybe you'll them all, maybe you won't.

Because computers are tracked (e.g., to install updates or new software), you have a good idea of how many machines are on your network. But the cost of the data security is actually greater than that because of shelfware as well as computers than are not plugged to the network. Unless you have meticulous records, chances are your estimates will be lower than reality.

Bring Your Own Management Server. In other words, you have to provide the infrastructure for managing, deploying, and installing the licenses you just purchased. Of course, you could do it without central management. But if you have more than, say, 50 computers to manage (again, to install updates or new software or whatever), a management server saves time and money. But only if you plunk down money. The problem is that you may add, retire, or repurpose servers as necessary or as opportunity permits.

And, by doing so, you also change the equations for what you're spending in terms of electricity, peripherals (like LAN cables and whatnot), etc. In the end, these add up to a substantial figure. But, with things moving in and out, you're never quite sure what the figure is. For example, a management server for full disk encryption is repurposed as a printer server...did you update your accounting spreadsheets as well?

Data Center. Many companies make use of data centers to ensure reliability and uptime of core operations. The data security portion probably holds a fraction of the space allocated in a data center. So what are its costs, exactly? You know you're paying saying, $5,000 per month, but how much of that is assigned to the data protection portion? Good luck finding out.

Employees. Maybe the company has an IT department. And maybe the IT department's personnel are doing double (or triple) duty as coders, troubleshooters, software installers, hardware installers, and who knows what else. How much of their time is spent on data security stuff? Or maybe they've got people dedicated to doing password resets for people who forgot their passwords and are locked out of their computers.

As you can see, trying to figure out how much data security costs is fraught with blind spots.

Of course, it doesn't necessarily have to be this way. AlertBoot's security suite for endpoints – AlertBoot Mobile Security for BYOD and AlertBoot Full Disk Encryption for laptop hard drives – are a model of cost transparency: a flat annual price without any predefined license purchases: you can obtain as many (or as little) licenses as you need.

This is possible because the solution is cloud-based, hosted on AlertBoot's data centers. This means any hardware and software issues are left up to AlertBoot. Furthermore, the company provides support and password recovery services 24/7, ensuring that the IT department is focused on more important matters.

Because all of this is included in AlertBoot's offerings, calculating data security costs are also very easy.

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading
provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing
support of the AlertBoot disk encryption managed service.
Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts
University in Medford, Massachusetts, U.S.A.